Hello,
I am using a login system that malfunctions when a fresh browser session is opened. It appears to happen across all browsers. Here’s what happens:
I open a new browser session.
I enter a user name and password, and I am logged in just fine.
I navigate to another page (any page), and I am no longer logged in (this is bad - not what I want).
I enter a user name and password, and I am logged in just fine.
I navigate elsewhere, and I am still logged in (this is good - this is what I want).
During the same browser session, the log-in / log-out works fine. I can even log in with different usernames and navigate freely and all functions as it should.
This happens every time I open a new browser window. So basically, I have to do the initial log-in twice for the first username I user per browser session. Then, everything works just fine, even for multiple users.
Any idea why this might be happening?
The code I am using is below.
Thanks in advance,
John
login.php:
<?php
if (!isLoggedIn())
{
// user is not logged in.
if (isset($_POST['cmdlogin']))
{
// retrieve the username and password sent from login form & check the login.
if (checkLogin($_POST['username'], $_POST['password']))
{
show_userbox();
} else
{
echo "Incorrect Login information !";
show_loginform();
}
} else
{
// User is not logged in and has not pressed the login button
// so we show him the loginform
show_loginform();
}
} else
{
// The user is already loggedin, so we show the userbox.
show_userbox();
}
Show Login Form Function:
function show_loginform($disabled = false)
{
echo '<form name="login-form" id="login-form" method="post" action="./index.php?'.$_SERVER['QUERY_STRING'].'">
<div class="usernameformtext"><label title="Username">Username: </label></div>
<div class="usernameformfield"><input tabindex="1" accesskey="u" name="username" type="text" maxlength="30" id="username" /></div>
<div class="passwordformtext"><label title="Password">Password: </label></div>
<div class="passwordformfield"><input tabindex="2" accesskey="p" name="password" type="password" maxlength="15" id="password" /></div>
<div class="registertext"><a href="http://www...com/.../register.php" title="Register">Register</a></div>
<div class="lostpasswordtext"><a href="http://www...com/.../lostpassword.php" title="Lost Password">Lost password?</a></div>
<p class="loginbutton"><input tabindex="3" accesskey="l" type="submit" name="cmdlogin" value="Login" ';
if ($disabled == true)
{
echo 'disabled="disabled"';
}
echo ' /></p></form>';
}
Login functions:
<?php
#### Login Functions #####
function isLoggedIn()
{
if (session_is_registered('loginid') && session_is_registered('username'))
{
return true; // the user is loged in
} else
{
return false; // not logged in
}
return false;
}
function checkLogin($u, $p)
{
global $seed; // global because $seed is declared in the header.php file
if (!valid_username($u) || !valid_password($p) || !user_exists($u))
{
return false; // the name was not valid, or the password, or the username did not exist
}
//Now let us look for the user in the database.
$query = sprintf("
SELECT loginid
FROM login
WHERE
username = '%s' AND password = '%s'
AND disabled = 0 AND activated = 1
LIMIT 1;", mysql_real_escape_string($u), mysql_real_escape_string(sha1($p . $seed)));
$result = mysql_query($query);
// If the database returns a 0 as result we know the login information is incorrect.
// If the database returns a 1 as result we know the login was correct and we proceed.
// If the database returns a result > 1 there are multple users
// with the same username and password, so the login will fail.
if (mysql_num_rows($result) != 1)
{
return false;
} else
{
// Login was successfull
$row = mysql_fetch_array($result);
// Save the user ID for use later
$_SESSION['loginid'] = $row['loginid'];
// Save the username for use later
$_SESSION['username'] = $u;
// Now we show the userbox
return true;
}
return false;
}
?>